<!DOCTYPE html>
<!-- saved from url=(0127)https://docs.google.com/document/d/e/2PACX-1vRxTEe9UMR8b-g0bRW2M628KWrxXi-7dqe9T9iy-UdHpQIqj-5wKu3GZSqemFem1NPGb-GCExhYDcfv/pub -->
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>WebPerfWG call 13 Feb 2020</title><link rel="shortcut icon" href="https://ssl.gstatic.com/docs/documents/images/kix-favicon7.ico"><meta name="referrer" content="strict-origin-when-cross-origin"><style type="text/css" nonce="">
      @import url("https://fonts.googleapis.com/css?family=Google+Sans");
      @import url("https://fonts.googleapis.com/css?family=Roboto");

      body {
        font-family: Roboto, arial, sans, sans-serif;
        margin: 0;
      }

      iframe {
        border: 0;
        frameborder: 0;
        height: 100%;
        width: 100%;
      }

      #header {
        align-items: center;
        background: white;
        border-bottom: 1px #ccc solid;
        display: flex;
        height: 60px;
        justify-content: space-between;
        position: fixed;
        top: 0;
        width: 100%;
        z-index: 100;
      }

      #header #title {
        font-family: 'Google Sans';
        font-size: large;
        margin: auto 0 auto 20px;
        overflow: hidden;
        text-overflow: ellipsis;
        white-space: nowrap;
        width: 70%;
      }

      #header #interval {
        margin: auto 25px auto 0;
        font-family: Roboto;
        font-size: small;;
      }

      #footer {
        background: #f0f0f0;
        border-bottom: 1px #ccc solid;
        bottom: 0;
        font-family: Roboto;
        font-size: small;
        padding: 10px 10px;
        position: fixed;
        text-align: center;
        width: 100%;
      }

      #contents {
        padding: 100px 20% 50px 20%;
      }

      @media only screen and (max-device-width: 800px) {
        #header {
          border-bottom-width: 5px;
          height: auto;
          display: block;
        }

        #header #title {
          font-size: 3em;
          margin: auto 0 auto 20px;
          width: 90%;
        }

        #header #interval {
          font-size: 1.5em;
          margin: 10px 0 auto 25px;
        }

        #contents {
          padding: 150px 5% 80px;
        }

        #footer {
          font-size: 2em;
        }
      }

      .dash {
        padding: 0 6px;
      }
    </style></head><body><div id="header"><div id="title">WebPerfWG call 13 Feb 2020</div><div id="interval"><span></span></div></div><div id="contents"><style type="text/css">.lst-kix_x2hh2et3wjjb-4>li:before{content:"\0025cb  "}.lst-kix_x2hh2et3wjjb-6>li:before{content:"\0025cf  "}.lst-kix_x2hh2et3wjjb-5>li:before{content:"\0025a0  "}.lst-kix_x2hh2et3wjjb-2>li:before{content:"\0025a0  "}.lst-kix_x2hh2et3wjjb-3>li:before{content:"\0025cf  "}.lst-kix_7sv8n7nrz5ho-2>li:before{content:"\0025a0  "}.lst-kix_7sv8n7nrz5ho-0>li:before{content:"\0025cf  "}.lst-kix_7sv8n7nrz5ho-1>li:before{content:"\0025cb  "}.lst-kix_x2hh2et3wjjb-8>li:before{content:"\0025a0  "}.lst-kix_x2hh2et3wjjb-7>li:before{content:"\0025cb  "}.lst-kix_23m8qs5vhnsp-0>li:before{content:"\0025cf  "}.lst-kix_23m8qs5vhnsp-2>li:before{content:"\0025a0  "}.lst-kix_23m8qs5vhnsp-1>li:before{content:"\0025cb  "}.lst-kix_23m8qs5vhnsp-4>li:before{content:"\0025cb  "}.lst-kix_7sv8n7nrz5ho-3>li:before{content:"\0025cf  "}.lst-kix_23m8qs5vhnsp-3>li:before{content:"\0025cf  "}.lst-kix_7sv8n7nrz5ho-4>li:before{content:"\0025cb  "}.lst-kix_23m8qs5vhnsp-8>li:before{content:"\0025a0  "}.lst-kix_7sv8n7nrz5ho-6>li:before{content:"\0025cf  "}.lst-kix_7sv8n7nrz5ho-5>li:before{content:"\0025a0  "}.lst-kix_23m8qs5vhnsp-5>li:before{content:"\0025a0  "}.lst-kix_x2hh2et3wjjb-1>li:before{content:"\0025cb  "}.lst-kix_7sv8n7nrz5ho-8>li:before{content:"\0025a0  "}.lst-kix_23m8qs5vhnsp-6>li:before{content:"\0025cf  "}.lst-kix_x2hh2et3wjjb-0>li:before{content:"\0025cf  "}.lst-kix_7sv8n7nrz5ho-7>li:before{content:"\0025cb  "}.lst-kix_23m8qs5vhnsp-7>li:before{content:"\0025cb  "}.lst-kix_usvus8kbl2qb-0>li:before{content:"\0025cf  "}ul.lst-kix_usvus8kbl2qb-1{list-style-type:none}ul.lst-kix_usvus8kbl2qb-2{list-style-type:none}ul.lst-kix_usvus8kbl2qb-3{list-style-type:none}.lst-kix_usvus8kbl2qb-1>li:before{content:"\0025cb  "}ul.lst-kix_usvus8kbl2qb-4{list-style-type:none}ul.lst-kix_usvus8kbl2qb-5{list-style-type:none}ul.lst-kix_usvus8kbl2qb-6{list-style-type:none}ul.lst-kix_usvus8kbl2qb-7{list-style-type:none}.lst-kix_3o2q84ymt1p5-3>li:before{content:"\0025cf  "}.lst-kix_usvus8kbl2qb-2>li:before{content:"\0025a0  "}ul.lst-kix_usvus8kbl2qb-8{list-style-type:none}.lst-kix_3o2q84ymt1p5-4>li:before{content:"\0025cb  "}.lst-kix_usvus8kbl2qb-3>li:before{content:"\0025cf  "}.lst-kix_usvus8kbl2qb-5>li:before{content:"\0025a0  "}.lst-kix_3o2q84ymt1p5-6>li:before{content:"\0025cf  "}.lst-kix_3o2q84ymt1p5-5>li:before{content:"\0025a0  "}ul.lst-kix_usvus8kbl2qb-0{list-style-type:none}.lst-kix_usvus8kbl2qb-4>li:before{content:"\0025cb  "}.lst-kix_usvus8kbl2qb-8>li:before{content:"\0025a0  "}.lst-kix_3o2q84ymt1p5-8>li:before{content:"\0025a0  "}.lst-kix_usvus8kbl2qb-7>li:before{content:"\0025cb  "}.lst-kix_3o2q84ymt1p5-7>li:before{content:"\0025cb  "}.lst-kix_usvus8kbl2qb-6>li:before{content:"\0025cf  "}.lst-kix_fp46adra937-4>li:before{content:"\0025cb  "}.lst-kix_fp46adra937-5>li:before{content:"\0025a0  "}.lst-kix_fp46adra937-3>li:before{content:"\0025cf  "}.lst-kix_fp46adra937-7>li:before{content:"\0025cb  "}.lst-kix_fp46adra937-0>li:before{content:"\0025cf  "}.lst-kix_fp46adra937-1>li:before{content:"\0025cb  "}.lst-kix_fp46adra937-8>li:before{content:"\0025a0  "}.lst-kix_fp46adra937-2>li:before{content:"\0025a0  "}.lst-kix_3o2q84ymt1p5-2>li:before{content:"\0025a0  "}.lst-kix_3o2q84ymt1p5-1>li:before{content:"\0025cb  "}.lst-kix_3o2q84ymt1p5-0>li:before{content:"\0025cf  "}.lst-kix_fp46adra937-6>li:before{content:"\0025cf  "}ul.lst-kix_23m8qs5vhnsp-7{list-style-type:none}ul.lst-kix_23m8qs5vhnsp-8{list-style-type:none}ul.lst-kix_23m8qs5vhnsp-0{list-style-type:none}ul.lst-kix_23m8qs5vhnsp-1{list-style-type:none}ul.lst-kix_23m8qs5vhnsp-2{list-style-type:none}ul.lst-kix_23m8qs5vhnsp-3{list-style-type:none}ul.lst-kix_23m8qs5vhnsp-4{list-style-type:none}ul.lst-kix_23m8qs5vhnsp-5{list-style-type:none}ul.lst-kix_23m8qs5vhnsp-6{list-style-type:none}ul.lst-kix_imfp0yls1rm5-1{list-style-type:none}ul.lst-kix_imfp0yls1rm5-0{list-style-type:none}ul.lst-kix_imfp0yls1rm5-8{list-style-type:none}ul.lst-kix_imfp0yls1rm5-7{list-style-type:none}ul.lst-kix_imfp0yls1rm5-6{list-style-type:none}.lst-kix_imfp0yls1rm5-8>li:before{content:"\0025a0  "}ul.lst-kix_imfp0yls1rm5-5{list-style-type:none}ul.lst-kix_imfp0yls1rm5-4{list-style-type:none}ul.lst-kix_imfp0yls1rm5-3{list-style-type:none}ul.lst-kix_imfp0yls1rm5-2{list-style-type:none}.lst-kix_imfp0yls1rm5-7>li:before{content:"\0025cb  "}ul.lst-kix_fp46adra937-0{list-style-type:none}.lst-kix_imfp0yls1rm5-4>li:before{content:"\0025cb  "}.lst-kix_imfp0yls1rm5-6>li:before{content:"\0025cf  "}ul.lst-kix_fp46adra937-1{list-style-type:none}.lst-kix_imfp0yls1rm5-5>li:before{content:"\0025a0  "}ul.lst-kix_fp46adra937-6{list-style-type:none}ul.lst-kix_fp46adra937-7{list-style-type:none}ul.lst-kix_fp46adra937-8{list-style-type:none}.lst-kix_imfp0yls1rm5-2>li:before{content:"\0025a0  "}ul.lst-kix_fp46adra937-2{list-style-type:none}ul.lst-kix_fp46adra937-3{list-style-type:none}ul.lst-kix_fp46adra937-4{list-style-type:none}.lst-kix_imfp0yls1rm5-3>li:before{content:"\0025cf  "}ul.lst-kix_fp46adra937-5{list-style-type:none}.lst-kix_imfp0yls1rm5-1>li:before{content:"\0025cb  "}.lst-kix_imfp0yls1rm5-0>li:before{content:"\0025cf  "}ul.lst-kix_7sv8n7nrz5ho-1{list-style-type:none}ul.lst-kix_7sv8n7nrz5ho-0{list-style-type:none}ul.lst-kix_7sv8n7nrz5ho-3{list-style-type:none}ul.lst-kix_7sv8n7nrz5ho-2{list-style-type:none}ul.lst-kix_7sv8n7nrz5ho-5{list-style-type:none}ul.lst-kix_7sv8n7nrz5ho-4{list-style-type:none}ul.lst-kix_7sv8n7nrz5ho-7{list-style-type:none}ul.lst-kix_7sv8n7nrz5ho-6{list-style-type:none}ul.lst-kix_7sv8n7nrz5ho-8{list-style-type:none}ul.lst-kix_x2hh2et3wjjb-2{list-style-type:none}ul.lst-kix_x2hh2et3wjjb-3{list-style-type:none}ul.lst-kix_x2hh2et3wjjb-4{list-style-type:none}ul.lst-kix_x2hh2et3wjjb-5{list-style-type:none}ul.lst-kix_3o2q84ymt1p5-1{list-style-type:none}ul.lst-kix_x2hh2et3wjjb-6{list-style-type:none}ul.lst-kix_3o2q84ymt1p5-0{list-style-type:none}ul.lst-kix_x2hh2et3wjjb-7{list-style-type:none}ul.lst-kix_3o2q84ymt1p5-3{list-style-type:none}ul.lst-kix_x2hh2et3wjjb-8{list-style-type:none}ul.lst-kix_3o2q84ymt1p5-2{list-style-type:none}li.li-bullet-0:before{margin-left:-18pt;white-space:nowrap;display:inline-block;min-width:18pt}ul.lst-kix_x2hh2et3wjjb-0{list-style-type:none}ul.lst-kix_x2hh2et3wjjb-1{list-style-type:none}ul.lst-kix_3o2q84ymt1p5-5{list-style-type:none}ul.lst-kix_3o2q84ymt1p5-4{list-style-type:none}ul.lst-kix_3o2q84ymt1p5-7{list-style-type:none}ul.lst-kix_3o2q84ymt1p5-6{list-style-type:none}ul.lst-kix_3o2q84ymt1p5-8{list-style-type:none}ol{margin:0;padding:0}table td,table th{padding:0}.c2{padding-top:18pt;padding-bottom:6pt;line-height:1.15;page-break-after:avoid;orphans:2;widows:2;text-align:left}.c10{color:#434343;font-weight:400;text-decoration:none;vertical-align:baseline;font-size:14pt;font-family:"Arial";font-style:normal}.c9{padding-top:16pt;padding-bottom:4pt;line-height:1.15;page-break-after:avoid;orphans:2;widows:2;text-align:left}.c5{color:#000000;font-weight:400;text-decoration:none;vertical-align:baseline;font-size:11pt;font-family:"Arial";font-style:normal}.c6{color:#000000;font-weight:400;text-decoration:none;vertical-align:baseline;font-size:16pt;font-family:"Arial";font-style:normal}.c0{padding-top:0pt;padding-bottom:0pt;line-height:1.15;orphans:2;widows:2;text-align:left}.c7{text-decoration-skip-ink:none;-webkit-text-decoration-skip:none;color:#1155cc;text-decoration:underline}.c13{background-color:#ffffff;max-width:468pt;padding:72pt 72pt 72pt 72pt}.c8{color:inherit;text-decoration:inherit}.c1{margin-left:36pt;padding-left:0pt}.c11{margin-left:72pt;padding-left:0pt}.c4{padding:0;margin:0}.c12{height:11pt}.c3{font-weight:700}.title{padding-top:0pt;color:#000000;font-size:26pt;padding-bottom:3pt;font-family:"Arial";line-height:1.15;page-break-after:avoid;orphans:2;widows:2;text-align:left}.subtitle{padding-top:0pt;color:#666666;font-size:15pt;padding-bottom:16pt;font-family:"Arial";line-height:1.15;page-break-after:avoid;orphans:2;widows:2;text-align:left}li{color:#000000;font-size:11pt;font-family:"Arial"}p{margin:0;color:#000000;font-size:11pt;font-family:"Arial"}h1{padding-top:20pt;color:#000000;font-size:20pt;padding-bottom:6pt;font-family:"Arial";line-height:1.15;page-break-after:avoid;orphans:2;widows:2;text-align:left}h2{padding-top:18pt;color:#000000;font-size:16pt;padding-bottom:6pt;font-family:"Arial";line-height:1.15;page-break-after:avoid;orphans:2;widows:2;text-align:left}h3{padding-top:16pt;color:#434343;font-size:14pt;padding-bottom:4pt;font-family:"Arial";line-height:1.15;page-break-after:avoid;orphans:2;widows:2;text-align:left}h4{padding-top:14pt;color:#666666;font-size:12pt;padding-bottom:4pt;font-family:"Arial";line-height:1.15;page-break-after:avoid;orphans:2;widows:2;text-align:left}h5{padding-top:12pt;color:#666666;font-size:11pt;padding-bottom:4pt;font-family:"Arial";line-height:1.15;page-break-after:avoid;orphans:2;widows:2;text-align:left}h6{padding-top:12pt;color:#666666;font-size:11pt;padding-bottom:4pt;font-family:"Arial";line-height:1.15;page-break-after:avoid;font-style:italic;orphans:2;widows:2;text-align:left}</style><div class="c13"><h2 class="c2" id="h.9ce5aitu38b4"><span class="c6">Participants</span></h2><p class="c0"><span class="c5">Andrew Comminos - Facebook</span></p><p class="c0"><span class="c5">Alex Christensen - Apple</span></p><p class="c0"><span class="c5">Chris Harrelson - Google, </span></p><p class="c0"><span class="c5">Philippe Le Hegaret - W3C</span></p><p class="c0"><span class="c5">Nic Jansma - Akamai</span></p><p class="c0"><span class="c5">Annie Sullivan - Google</span></p><p class="c0"><span class="c5">Nate Schloss - Facebook</span></p><p class="c0"><span class="c5">Ryosuke Niwa - Apple</span></p><p class="c0"><span class="c5">Steven Bougon - SalesForce</span></p><p class="c0"><span class="c5">Benjamin De Kosnik - Mozilla</span></p><p class="c0"><span class="c5">Yoav Weiss - Google</span></p><h2 class="c2" id="h.74fus09nwvgl"><span class="c6">Next Call</span></h2><p class="c0"><span class="c5">Feb 27 at 10am PST / 1pm EST</span></p><h2 class="c2" id="h.qc1ak6lk3ey9"><span class="c6">Proposals</span></h2><h3 class="c9" id="h.nunx7fbtjhpu"><span class="c10">isInputPending Update part 3 - Andrew Comminos</span></h3><ul class="c4 lst-kix_7sv8n7nrz5ho-0 start"><li class="c0 c1 li-bullet-0"><span class="c7"><a class="c8" href="https://www.google.com/url?q=https://docs.google.com/presentation/d/1TICcb6PssfrUOKPuBaAhjmDzL7FN7FQBfZf9bdSsYGU/edit?usp%3Dsharing&amp;sa=D&amp;source=editors&amp;ust=1613234896488000&amp;usg=AOvVaw22LQKP4dHslnQWmGpzyf-q">Presentation</a></span><span>&nbsp;(followup from </span><span class="c7"><a class="c8" href="https://www.google.com/url?q=https://docs.google.com/presentation/d/1qgmuSnDIyCbGueW71aGP4NHVpPbcH-_-AAZ_DS-Nbkk/edit%23slide%3Did.g7d00738d02_1_8&amp;sa=D&amp;source=editors&amp;ust=1613234896488000&amp;usg=AOvVaw1KbXhSLQTT_itx6irHKlxX">last time</a></span><span class="c5">)</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Andrew</span><span class="c5"><b></b>: Last time we chatted about an issue around child (cross-origin) IFRAMEs and the parent frame and how isInputPending hit-testing works if the child frame is possibly moving around</span></li><li class="c0 c1 li-bullet-0"><span class="c5">...: The current Chromium implementation does not allow sniffing DOM events dispatched to cross-origin iframes, but could reveal a “proto intent” to dispatch an event, when the event is not dispatched later.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Chris</span><span class="c5"><b></b>: What do you mean by “proto intent”?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Andrew</span><span class="c5"><b></b>: the ability to know when an event was going to be dispatched but then doesn’t get dispatched.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: That contradicts your statement that the implementation doesn’t allow sniffing.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Andrew</span><span class="c5"><b></b>: You can’t sniff an event, just know that input was thrown away.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: Doesn’t matter if the event was dispatched.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Andrew</span><span class="c5"><b></b>: This is in the context of the locking solution that we talked about last time, where we can throw away the event if we see it will be dispatched to the wrong origin. </span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: Why do we change our mind?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Andrew</span><span class="c5"><b></b>: That assumes the frame moves between those two checks</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Chris</span><span class="c5"><b></b>: We have a first fast hit test that assigns to origin, but when we actually do the dispatch when the event task is on the event loop, we do a more accurate hit test that can show that the DOM was mutated in the meantime, which can show that the event is dispatched against a different origin.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: But the event is dispatched on a frame, how can the second test conclude that it should go on a different frame.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Chris</span><span class="c5"><b></b>: Hit test is on an element and the element that was hit needs to be determined as part of the hit test algorithm. The frame is determines in an initial fast hit test, but the exact element determined afterwards.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: But if the entire frame is moving, how is hit testing finding that the hit element is outside of the frame?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Chris</span><span class="c5"><b></b>: We could dispatch the event using an offset into that frame from the original hit testing. Is that what you’re suggesting?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Andrew</span><span class="c5"><b></b>: That would leak more information</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: In your description, user clicks on the screen and we determine that it should go to frame A, and isPendingInput is true for frame A. Then the frame moves. That’s irrelevant, if we initially determined that the event goes to frame A, it should remain on that frame.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Andrew</span><span class="c5"><b></b>: In your example, A can observe that input is queued. During the time between event detection and dispatch, the parent frame moves the frame. So it’s possible that the frame will no longer receive the event.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: Why wouldn’t the frame receive the event?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Andrew</span><span class="c5"><b></b>: A task queued to move the frame down or a scroll. So the event would be dispatched to the main frame instead.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: Why?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Chris</span><span class="c5"><b></b>: I think the semantics Ryosuke is suggesting could be implemented. When isInputPending causes the event queueing to be observed, we could implement it so that they would be dispatched to the frame in which they were observed. So there are cases where Chrome’s implementation would need to be adjusted, but it would work, and won’t expose any security issues</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Andrew</span><span class="c5"><b></b>: Sounds good. Nothing fundemental that prevents us from doing that. A frame may not detect an event dispatched by a different origin.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Chris</span><span class="c5"><b></b>: Right, and whether the event ends up locked to the frame or discarded…</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: Why would the event be discarded?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Chris</span><span class="c5"><b></b>: In scenarios where we notice something is dirty between the event queueing and dispatch, throwing away the event would avoid a security issue</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: Is that a thing that browsers do?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Chris</span><span class="c5"><b></b>: Not today, but today this is not script observable, where isInputPending would enable it.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: if the user clicked and the frame moved, would the click be ignored?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Chris</span><span class="c5"><b></b>: As of Chrome 80 we have an intervention where if an iframe was moved in the last 100ms, we don’t dispatch to it, to avoid fraudulent scenarios.</span></li></ul><ul class="c4 lst-kix_7sv8n7nrz5ho-1 start"><li class="c0 c11 li-bullet-0"><span><b>Post call correction from Chris</b>: </span><span>it’s actually </span><span class="c7"><a class="c8" href="https://www.google.com/url?q=https://www.google.com/url?q%3Dhttps://bugs.chromium.org/p/chromium/issues/detail?id%253D603193%26sa%3DD%26ust%3D1581756612494000%26usg%3DAFQjCNFb6dEqh03Ub8zpNw0Si035-xNayw&amp;sa=D&amp;source=editors&amp;ust=1613234896491000&amp;usg=AOvVaw2r8y_kBElPWOmGD-TzjWgh">500ms</a></span></li></ul><ul class="c4 lst-kix_7sv8n7nrz5ho-0"><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: This is tackling a different scenario</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Chris</span><span class="c5"><b></b>: Sure, but Ryosuke was asking for examples</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Benjamin</span><span class="c5"><b></b>: And then the event will get discarded.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Andrew</span><span class="c5"><b></b>: One of the consequences is that isInputPending requires another source of time to yield, to avoid scenarios where we’re starving everything other than input.</span></li></ul><ul class="c4 lst-kix_7sv8n7nrz5ho-1 start"><li class="c0 c11 li-bullet-0"><span style="overflow: hidden;<b> display</b>: inline-block;<b> margin</b>: 0.00px 0.00px;<b> border</b>: 0.00px solid #000000;<b> transform</b>: rotate(0.00rad) translateZ(0px); -webkit-transform: rotate(0.00rad) translateZ(0px);<b> width</b>: 501.92px;<b> height</b>: 319.50px;"><img alt="" src="./index_files/Screenshot 2020-02-17 at 14.53.01.png" style="width: 501.92px;<b> height</b>: 319.50px; margin-left: 0.00px; margin-top: 0.00px;<b> transform</b>: rotate(0.00rad) translateZ(0px); -webkit-transform: rotate(0.00rad) translateZ(0px);" title=""></span></li></ul><ul class="c4 lst-kix_7sv8n7nrz5ho-0"><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: 100ms seems like a lot, but otherwise makes sense.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: One question - have we talked to library authors? Interest from them?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Andrew</span><span class="c5"><b></b>: React folks are onboard. Chris - any other frameworks?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Chris</span><span class="c5"><b></b>: No other frameworks, but Google properties want it for the exact same reasons. Ads had good performance at the OT, as well as GSuite which improved load times by yielding less when there’s no input. They saw very large numbers.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Benjamin</span><span class="c5"><b></b>: Feedback from GSuite folks about multi-user on a GDoc?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: I think we’re missing “isInputPending”, is what Benjamin is suggesting. Could be delays for input from other folks on other machines.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Andrew</span><span class="c5"><b></b>: Could incorporate it to your scheduler, and read interrupts.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Chris</span><span class="c5"><b></b>: isNetworkPending would help for that use-case. Good point.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: Would be interesting to ask them that.</span></li></ul><p class="c0 c12"><span class="c5"></span></p><h3 class="c9" id="h.mu0sfybfutbb"><span class="c7"><a class="c8" href="https://www.google.com/url?q=https://github.com/w3c/resource-timing/issues/210&amp;sa=D&amp;source=editors&amp;ust=1613234896493000&amp;usg=AOvVaw1dHzY3EyhWkZwYjzCQN4S4">Cross-origin IFRAME opting-in to sharing ResourceTiming data</a></span></h3><ul class="c4 lst-kix_usvus8kbl2qb-0 start"><li class="c0 c1 li-bullet-0"><span class="c3">Nic</span><span class="c5"><b></b>: Presented at TPAC last year, but still interested in pursuing. Resource timing data today is helpful but not giving the full picture, due to cross-origin iframes. Can’t get performance entries from cross-origin iframes. Over 30% of resource fetches are invisible to RT data, accounting for 50% of bytes. So when an analytics provider is trying to report resource sizes to developers, we’re not getting the full picture.</span></li><li class="c0 c1 li-bullet-0"><span>…: </span><span class="c5">Proposal is to let ad providers and social widgets to opt-in to sharing their data, to offer transparency and show that they are performing well.</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Takeaway from TPAC was to find concrete examples of people that would use this. Talked to mPulse customers. Other folks interested was the Google Ads team that chimed in on the thread. Talked to other folks that resulted to synthetic testing for that purpose. But synthetic is not the real world. So would be great to get it in RUM.</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Latest proposal is an opt-in. Can reuse TAO or add a similar header that would be that explicit opt-in mechanism. Based on the feedback the latter would be a better way.</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: There are also ergonomics questions on how developers could access that data. I like it to be an extension to PerfObserver that bubbles entries from same-origin and opted-in cross-origin ones to their parent. So that way, you don’t need to access the frame at all, just some of its data. </span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Also need to see what data can be bubbled up. Can we expose full URLs or just domains? For mPulse, the more accuracy the better. Certainly want a number of bytes.</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: So, next steps?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: First step is to figure out if this increases the attack surface that resource timing opens up. We currently have a few issues open related to RT and detailed reporting for credential resources. Assuming a double-keyed cache world, this doesn’t necessarily increase the risk. Maybe we need to also assume a no-third-party cookie world for that, which would mean it would be further out. But this seems like the the main risk for this feature.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Alex</span><span class="c5"><b></b>: If we restricted this to not cover credentialed requests, would that still cover Nic’s use case?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: Most of these third party iframes are not currently requested credential-less, so they have to change the way in which they operate in order to actually opt-in. Agree that it would make the security story significantly simpler.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Nic</span><span class="c5"><b></b>: So `crossorigin=anonymous` attribute on the iframe?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: Yeah, but I don’t think it cascades, so we’d need to make sure that all subresources are also credential-less, which seems like a lot of change. Maybe CO{R,E,O}P would have some “fetch everything credential-less” mode, not sure.</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Maybe would be good to start looking at this for credentialed requests and see if we can get away with that. Makes sense?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Alex</span><span class="c5"><b></b>: Yeah.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Nic</span><span class="c5"><b></b>: Other concerns?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ben</span><span class="c5"><b></b>: No concern, but this seems to answer a pressing concern. Taking a step back, the proposal seem framed for CDN providers to exert influence on ad providers, but would rather see something like this that site providers can add to demand that ad providers be more transparent. Was that considered?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: This will significantly increase the security risk, as the site owner can be evil.com and can use that to extract credentialed resource sizes</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Alternatively, you could say “my third parties don’t load unless they are transparent”, which would be safer</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Benjamin</span><span class="c5"><b></b>: We don’t want to provide that power</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: Can you clarify?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Benjamin</span><span class="c5"><b></b>: Site providers have no control over which ads are shown on their pages. Would be good if they could audit that. Not possible right now.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Nic</span><span class="c5"><b></b>: Synthetic can give you a sample, but not a real-life sample</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Benjamin</span><span class="c5"><b></b>: I guess I’m disturbed by the limited reach of this proposal. Site providers don’t have control over what’s loading on their site. Would be good to aggregate some information on what’s happening at particular points in time. Disturbed by the reach of this proposal. Want to give more power to site owners</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Nic</span><span class="c5"><b></b>: This would also enable a blog to get visibility of their 3Ps, if large pubishers cause 3Ps to be more transparent. Not pitching just for large companies.</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Had a few customers with multiple domains and we have custom solutions to pass this information from one domain to the other. This would enable a general solution for that.</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Also talked to MSN where they have a huge synthetic lab, but why can’t we do this in RUM</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Benjamin</span><span class="c5"><b></b>: small first step, but disappointed by the limited scope</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: Maybe you could join forces on the proposal and see if we can increase its scope</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Benjamin</span><span class="c5"><b></b>: Lack of real page weight analytics is a real problem.</span></li></ul><p class="c0 c12"><span class="c5"></span></p><h3 class="c9" id="h.hvhl5x67cows"><span class="c10">Adoption for isInputPending</span></h3><ul class="c4 lst-kix_fp46adra937-0 start"><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: Going back to isInputPending. Can we get a sense for willingness to adopt this work?</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: Idea seems OK. Not a lawyer though.</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: We’ll send a relevant CfC, but wanted your opinion</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Ryosuke</span><span class="c5"><b></b>: seems useful, no privacy and security concern, as we review more we may find hidden issues, but so far seems OK. </span></li><li class="c0 c1 li-bullet-0"><span class="c3">Benjamin</span><span class="c5"><b></b>: Not gonna object</span></li></ul><h3 class="c9" id="h.ofcrcf5xvxxr"><span class="c10">Layout Instability</span></h3><ul class="c4 lst-kix_3o2q84ymt1p5-0 start"><li class="c0 c1 li-bullet-0"><span class="c3">Annie</span><span class="c5"><b></b>: Want to add some debugging information to the Layout Instability API</span></li></ul><ul class="c4 lst-kix_3o2q84ymt1p5-1 start"><li class="c0 c11 li-bullet-0"><span class="c5">Add a list of the top N nodes that contribute to the changes</span></li><li class="c0 c11 li-bullet-0"><span class="c5">Feedback?</span></li></ul><ul class="c4 lst-kix_3o2q84ymt1p5-0"><li class="c0 c1 li-bullet-0"><span class="c3">Nic</span><span class="c5"><b></b>: Just starting to add Layout Instability, looking at CLS. Everytime we add a metric, we need to explain it and what’s impacting it. Debugging information always helps.</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Having a list of nodes - we’ll probably collect the data and beacon it as supporting information. Need to figure out what information we can capture and transmit. A list of nodes seems straightforward and useful</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Benjamin</span><span class="c5"><b></b>: Thumbs up. Need to make the web more transparent</span></li><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: Thanks for the feedback!</span></li></ul><h2 class="c2" id="h.hkpfot9ruqxc"><span class="c6">Issues</span></h2><h3 class="c9" id="h.mlg21fns8l7"><span class="c7"><a class="c8" href="https://www.google.com/url?q=https://github.com/mikewest/securer-contexts/issues/4&amp;sa=D&amp;source=editors&amp;ust=1613234896497000&amp;usg=AOvVaw3iQOL7MKDse87iV0lTyZzw">Securer Contexts and performance APIs</a></span></h3><ul class="c4 lst-kix_imfp0yls1rm5-0 start"><li class="c0 c1 li-bullet-0"><span class="c3">Yoav</span><span class="c5"><b></b>: Proposal from Mike West on taking the definition of secure context to the next level</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: "securer contexts" - we’re mostly interested in isolation</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Concerns around exposing performance.* information (now(), resource timing data, memory API) and side-channel leaks in non-isolated contexts</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: High(er) precision timers and memory information could be allowed behind isolated contexts that guarantee they're not leaking to any other origins (COOP/COEP/CORP)</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Due to attacks like Spectre, performance.now()'s precision was reduced</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Could allow high(er)-precision timers (and more details like memory info) in those isolated contexts than what performance.now() gives as of today</span></li><li class="c0 c1 li-bullet-0"><span class="c5">...: Pushing back that resource timing information is exposing anything beyond what load events/SW can see today, and already has a mechanism to opt-in to exposing detailed timing information via TAO header</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Plan to discuss this more to see if there are threats I’m missing, but interested in the group’s opinion. If we assumed that we defined a new type of isolated contexts, does it make sense to expose the memory APIs and higher precision timers in those contexts?</span></li><li class="c0 c1 li-bullet-0"><span class="c5"><b>Ryosuke</b>: Timing attacks are a threat for cross-origin leaks, which isolation helps. There’s also the security aspects, where isolation won’t help. There are known techniques to defeat ASLR with high precision timing. Would be fine with it as long as it doesn’t pose a new threat beyond SharedArrayBuffers.</span></li><li class="c0 c1 li-bullet-0"><span class="c5"><b>Yoav</b>: Makes sense.</span></li><li class="c0 c1 li-bullet-0"><span class="c5"><b>Ben</b>: Would like to see finer-grained control in secure contexts over the information that could be exposed. Want to give people control over what they are allowing.</span></li></ul><h3 class="c9" id="h.n65vo5xfy3hg"><span class="c10">ResourceTiming issues</span></h3><ul class="c4 lst-kix_imfp0yls1rm5-0"><li class="c0 c1 li-bullet-0"><span class="c5"><b>Yoav</b>: A few issues filed by PING</span></li></ul><ul class="c4 lst-kix_imfp0yls1rm5-1 start"><li class="c0 c11 li-bullet-0"><span class="c7"><a class="c8" href="https://www.google.com/url?q=https://github.com/w3c/resource-timing/issues/221&amp;sa=D&amp;source=editors&amp;ust=1613234896498000&amp;usg=AOvVaw3hLOWAXjlqh89G8yUznPFE">Consider removing nextHopProtocol as it may expose whether visitor is using VPN / proxy</a></span></li><li class="c0 c11 li-bullet-0"><span class="c7"><a class="c8" href="https://www.google.com/url?q=https://github.com/w3c/resource-timing/issues/222&amp;sa=D&amp;source=editors&amp;ust=1613234896499000&amp;usg=AOvVaw0rwg0LabArj30bzBPJj7SM">Consider removing wildcard option of the `Timing-Allow-Origin` header to prevent browser history leakage</a></span></li><li class="c0 c11 li-bullet-0"><span class="c7"><a class="c8" href="https://www.google.com/url?q=https://github.com/w3c/resource-timing/issues/223&amp;sa=D&amp;source=editors&amp;ust=1613234896499000&amp;usg=AOvVaw0a4AjstNbleAxNP_8Tfp6L">Consider removing wildcard option of the `Timing-Allow-Origin` header to prevent accidental application state leakage</a></span></li></ul><ul class="c4 lst-kix_imfp0yls1rm5-0"><li class="c0 c1 li-bullet-0"><span class="c5">…: nextHopProtocol enables to see if the user is behind a proxy is some scenarios</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: Other 2 issues are the same one: Some scenarios where sites provide TAO opt-in over credentialed resources, the transfer size can leak cookie sizes and therefore leak user history.</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: A real issue raised by the PING. We’ll need to talk about mitigations.</span></li><li class="c0 c1 li-bullet-0"><span class="c5">…: e.g. eliminating cookie headers from transfer sizes, fuzzing for credentialed resource fetches, etc. We’ll talk more in a future call.</span></li></ul></div></div><div id="footer"><span>Published by <a target="_blank" title="Learn more about Google Drive" href="https://docs.google.com/">Google Drive</a></span><span class="dash">–</span><a href="https://docs.google.com/u/0/abuse?id=AKkXjoypmo_9mBN3NJM9ewzOaUI4jWWbMEwI6gTmSQkxSc6NJrD5zDkVMh3Cr25Z2ECcVgMptwoJcZgsX7ShKPU:0">Report Abuse</a></div><script type="text/javascript" nonce="">(function(){/*

 Copyright The Closure Library Authors.
 SPDX-License-Identifier: Apache-2.0
*/
var aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this);
function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&aa(c,a,{configurable:!0,writable:!0,value:b})}}var ea="function"==typeof Object.create?Object.create:function(a){function b(){}b.prototype=a;return new b},fa;
if("function"==typeof Object.setPrototypeOf)fa=Object.setPrototypeOf;else{var ha;a:{var ia={a:!0},ja={};try{ja.__proto__=ia;ha=ja.a;break a}catch(a){}ha=!1}fa=ha?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var ka=fa;
function h(a,b){a.prototype=ea(b.prototype);a.prototype.constructor=a;if(ka)ka(a,b);else for(var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.o=b.prototype}da("Object.is",function(a){return a?a:function(b,c){return b===c?0!==b||1/b===1/c:b!==b&&c!==c}});var l=this||self;function la(){}function ma(a){var b=typeof a;return"object"==b&&null!=a||"function"==b}
function na(a,b){var c=Array.prototype.slice.call(arguments,1);return function(){var d=c.slice();d.push.apply(d,arguments);return a.apply(this,d)}}function oa(a,b){function c(){}c.prototype=b.prototype;a.o=b.prototype;a.prototype=new c;a.prototype.constructor=a;a.B=function(d,e,f){for(var g=Array(arguments.length-2),k=2;k<arguments.length;k++)g[k-2]=arguments[k];return b.prototype[e].apply(d,g)}}function pa(a){return a};var qa=Array.prototype.indexOf?function(a,b){return Array.prototype.indexOf.call(a,b,void 0)}:function(a,b){if("string"===typeof a)return"string"!==typeof b||1!=b.length?-1:a.indexOf(b,0);for(var c=0;c<a.length;c++)if(c in a&&a[c]===b)return c;return-1};function ra(a,b,c){for(var d in a)b.call(c,a[d],d,a)};var m;function p(a,b){this.i=a===sa&&b||"";this.j=ta}p.prototype.h=!0;p.prototype.g=function(){return this.i};var ta={},sa={};var ua=String.prototype.trim?function(a){return a.trim()}:function(a){return/^[\s\xa0]*([\s\S]*?)[\s\xa0]*$/.exec(a)[1]},va=/&/g,wa=/</g,xa=/>/g,ya=/"/g,za=/'/g,Aa=/\x00/g,Ba=/[\x00&<>"']/;function Ca(a,b){return a<b?-1:a>b?1:0};function q(a,b){this.i=b===r?a:""}q.prototype.h=!0;q.prototype.g=function(){return this.i.toString()};q.prototype.toString=function(){return this.i.toString()};function u(a){return a instanceof q&&a.constructor===q?a.i:"type_error:SafeUrl"}
var Da=/^(?:audio\/(?:3gpp2|3gpp|aac|L16|midi|mp3|mp4|mpeg|oga|ogg|opus|x-m4a|x-matroska|x-wav|wav|webm)|font\/\w+|image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp|x-icon)|video\/(?:mpeg|mp4|ogg|webm|quicktime|x-matroska))(?:;\w+=(?:\w+|"[\w;,= ]+"))*$/i,Ea=/^data:(.*);base64,[a-z0-9+\/]+=*$/i,Fa=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i;function Ga(a){if(a instanceof q)return a;a="object"==typeof a&&a.h?a.g():String(a);Fa.test(a)||(a="about:invalid#zClosurez");return new q(a,r)}
var r={},Ha=new q("about:invalid#zClosurez",r);var v;a:{var Ia=l.navigator;if(Ia){var Ja=Ia.userAgent;if(Ja){v=Ja;break a}}v=""}function w(a){return-1!=v.indexOf(a)};function x(a,b,c){this.i=c===Ka?a:""}x.prototype.h=!0;x.prototype.g=function(){return this.i.toString()};x.prototype.toString=function(){return this.i.toString()};var Ka={};function La(a,b,c,d){a=a instanceof q?a:Ga(a);b=b||l;c=c instanceof p?c instanceof p&&c.constructor===p&&c.j===ta?c.i:"type_error:Const":c||"";return void 0!==d?b.open(u(a),c,d,void 0):b.open(u(a),c)};function Ma(a){Ma[" "](a);return a}Ma[" "]=la;function y(a,b,c){return Object.prototype.hasOwnProperty.call(a,b)?a[b]:a[b]=c(b)};var Na=w("Opera"),z=w("Trident")||w("MSIE"),Oa=w("Edge"),Pa=Oa||z,Qa=w("Gecko")&&!(-1!=v.toLowerCase().indexOf("webkit")&&!w("Edge"))&&!(w("Trident")||w("MSIE"))&&!w("Edge"),Ra=-1!=v.toLowerCase().indexOf("webkit")&&!w("Edge"),Sa=w("Macintosh");function Ta(){var a=l.document;return a?a.documentMode:void 0}var Ua;
a:{var Va="",Wa=function(){var a=v;if(Qa)return/rv:([^\);]+)(\)|;)/.exec(a);if(Oa)return/Edge\/([\d\.]+)/.exec(a);if(z)return/\b(?:MSIE|rv)[: ]([^\);]+)(\)|;)/.exec(a);if(Ra)return/WebKit\/(\S+)/.exec(a);if(Na)return/(?:Version)[ \/]?(\S+)/.exec(a)}();Wa&&(Va=Wa?Wa[1]:"");if(z){var Xa=Ta();if(null!=Xa&&Xa>parseFloat(Va)){Ua=String(Xa);break a}}Ua=Va}var Ya=Ua,Za={},$a;if(l.document&&z){var ab=Ta();$a=ab?ab:parseInt(Ya,10)||void 0}else $a=void 0;var bb=$a;function cb(a){return y(a.prototype,"$$generatedClassName",function(){return"Class$obf_"+{valueOf:function(){return++db}}})}var db=1E3;function A(){}A.prototype.u=function(){return this.j||(Object.defineProperties(this,{j:{value:++eb,enumerable:!1}}),this.j)};A.prototype.toString=function(){var a=B(fb(gb(this.constructor)))+"@";var b=(this.u()>>>0).toString(16);return a+B(b)};function D(){}h(D,A);D.prototype.i=function(a){this.h=a;if(a instanceof Object)try{a.A=this}catch(b){}};function hb(a){a.h instanceof Error&&(Error.captureStackTrace?Error.captureStackTrace(a.h):a.h.stack=Error().stack)}D.prototype.toString=function(){var a=fb(gb(this.constructor)),b=this.l;return null==b?a:B(a)+": "+B(b)};function ib(){}h(ib,D);function jb(){}h(jb,ib);var eb=0;function E(){}h(E,jb);E.prototype.i=function(a){jb.prototype.i.call(this,Object.is(this.g,"__noinit__")?a:this.g)};function kb(){}h(kb,E);function lb(a,b){return"string"==typeof a?a.charCodeAt(b):a.g(b)};function B(a){return null==a?"null":a.toString()}function mb(a){return 65536<=a?B(String.fromCharCode((55296+((a-65536|0)>>10&1023)|0)&65535))+B(String.fromCharCode((56320+((a-65536|0)&1023)|0)&65535)):String.fromCharCode(a&65535)}function nb(a,b){var c=b,d=a.length,e;b=lb(a,(e=c,c=c+1|0,e));var f;if(e=55296<=b&&56319>=b&&c<d)a=f=lb(a,c),e=56320<=a&&57343>=a;var g;e?g=65536+((b&1023)<<10)+(f&1023)|0:g=b;return g};function ob(a,b){this.h=a;this.g=b}h(ob,A);function fb(a){var b=cb(a.h);0!=a.g&&(b="L"+B(b)+";");a=a.g;for(var c="",d=0;d<a;d=d+1|0)c=B(c)+"[";return B(c)+B(b)}ob.prototype.toString=function(){return"class "+B(fb(this))};function gb(a){var b=0;return y(a.prototype,"$$class/"+b,function(){return new ob(a,b)})};function pb(a,b){return null==a?a:b?decodeURI(a):decodeURIComponent(a)};var qb=/^(?:([^:/?#.]+):)?(?:\/\/(?:([^/?#]*)@)?([^/#?]*?)(?::([0-9]+))?(?=[/#?]|$))?([^?#]+)?(?:\?([^#]*))?(?:#([\S\s]*))?$/;function rb(a){a=qb.exec(a);for(var b=[],c=0;7>=c;c=c+1|0)a.length<=c||null==a[c]?b.push(null):b.push(a[c]);return b}
function sb(a,b){var c=a.indexOf(mb(35));c=0>c?a.length:c;a:{var d=0;for(var e=b.length;0<(d=a.indexOf(b,d))&&d<c;){var f=nb(a,d-1|0);if(38==f||63==f){if((d+e|0)>=a.length)break a;f=nb(a,d+e|0);if(61==f||38==f||35==f)break a}d=d+(e+1)|0}d=-1}if(0>d)return null;e=a.indexOf(mb(38),d);if(0>e||e>c)e=c;d=d+(b.length+1)|0;b=Math.min(a.length,d);a=a.substr(b,Math.min(a.length,Math.max(d,e))-b|0);c=" ";for(b=0;0<=(b=c.indexOf("\\",b));)36==c.charCodeAt(b+1|0)?(d=B(c.substr(0,b|0))+"$",e=b=b+1|0,c=d+B(c.substr(e))):
(d=B(c.substr(0,b|0)),e=b=b+1|0,c=d+B(c.substr(e)));a=a.replace(/\+/g,c);return pb(a,!1)};function F(a,b){this.h=b;for(var c=[],d=!0,e=a.length-1;0<=e;e--){var f=a[e]|0;d&&f==b||(c[e]=f,d=!1)}this.g=c}var tb={};function ub(a){return-128<=a&&128>a?y(tb,a,function(b){return new F([b|0],0>b?-1:0)}):new F([a|0],0>a?-1:0)}function G(a){if(isNaN(a)||!isFinite(a))return H;if(0>a)return I(G(-a));for(var b=[],c=1,d=0;a>=c;d++)b[d]=a/c|0,c*=4294967296;return new F(b,0)}var H=ub(0),J=ub(1),vb=ub(16777216);
function K(a){if(-1==a.h)return-K(I(a));for(var b=0,c=1,d=0;d<a.g.length;d++){var e=L(a,d);b+=(0<=e?e:4294967296+e)*c;c*=4294967296}return b}F.prototype.toString=function(a){a=a||10;if(2>a||36<a)throw Error("radix out of range: "+a);if(M(this))return"0";if(-1==this.h)return"-"+I(this).toString(a);for(var b=G(Math.pow(a,6)),c=this,d="";;){var e=wb(c,b).g;c=N(c,O(e,b));var f=((0<c.g.length?c.g[0]:c.h)>>>0).toString(a);c=e;if(M(c))return f+d;for(;6>f.length;)f="0"+f;d=f+d}};
function L(a,b){return 0>b?0:b<a.g.length?a.g[b]:a.h}function M(a){if(0!=a.h)return!1;for(var b=0;b<a.g.length;b++)if(0!=a.g[b])return!1;return!0}function P(a,b){a=N(a,b);return-1==a.h?-1:M(a)?0:1}function I(a){for(var b=a.g.length,c=[],d=0;d<b;d++)c[d]=~a.g[d];return(new F(c,~a.h)).add(J)}F.prototype.abs=function(){return-1==this.h?I(this):this};
F.prototype.add=function(a){for(var b=Math.max(this.g.length,a.g.length),c=[],d=0,e=0;e<=b;e++){var f=d+(L(this,e)&65535)+(L(a,e)&65535),g=(f>>>16)+(L(this,e)>>>16)+(L(a,e)>>>16);d=g>>>16;f&=65535;g&=65535;c[e]=g<<16|f}return new F(c,c[c.length-1]&-2147483648?-1:0)};function N(a,b){return a.add(I(b))}
function O(a,b){if(M(a)||M(b))return H;if(-1==a.h)return-1==b.h?O(I(a),I(b)):I(O(I(a),b));if(-1==b.h)return I(O(a,I(b)));if(0>P(a,vb)&&0>P(b,vb))return G(K(a)*K(b));for(var c=a.g.length+b.g.length,d=[],e=0;e<2*c;e++)d[e]=0;for(e=0;e<a.g.length;e++)for(var f=0;f<b.g.length;f++){var g=L(a,e)>>>16,k=L(a,e)&65535,t=L(b,f)>>>16,n=L(b,f)&65535;d[2*e+2*f]+=k*n;Q(d,2*e+2*f);d[2*e+2*f+1]+=g*n;Q(d,2*e+2*f+1);d[2*e+2*f+1]+=k*t;Q(d,2*e+2*f+1);d[2*e+2*f+2]+=g*t;Q(d,2*e+2*f+2)}for(e=0;e<c;e++)d[e]=d[2*e+1]<<16|
d[2*e];for(e=c;e<2*c;e++)d[e]=0;return new F(d,0)}function Q(a,b){for(;(a[b]&65535)!=a[b];)a[b+1]+=a[b]>>>16,a[b]&=65535,b++}function S(a,b){this.g=a;this.h=b}
function wb(a,b){if(M(b))throw Error("division by zero");if(M(a))return new S(H,H);if(-1==a.h)return b=wb(I(a),b),new S(I(b.g),I(b.h));if(-1==b.h)return b=wb(a,I(b)),new S(I(b.g),b.h);if(30<a.g.length){if(-1==a.h||-1==b.h)throw Error("slowDivide_ only works with positive integers.");for(var c=J,d=b;0>=P(d,a);)c=xb(c,1),d=xb(d,1);var e=T(c,1),f=T(d,1);d=T(d,2);for(c=T(c,2);!M(d);){var g=f.add(d);0>=P(g,a)&&(e=e.add(c),f=g);d=T(d,1);c=T(c,1)}b=N(a,O(e,b));return new S(e,b)}for(e=H;0<=P(a,b);){c=Math.max(1,
Math.floor(K(a)/K(b)));d=Math.ceil(Math.log(c)/Math.LN2);d=48>=d?1:Math.pow(2,d-48);f=G(c);for(g=O(f,b);-1==g.h||0<P(g,a);)c-=d,f=G(c),g=O(f,b);M(f)&&(f=J);e=e.add(f);a=N(a,g)}return new S(e,a)}F.prototype.and=function(a){for(var b=Math.max(this.g.length,a.g.length),c=[],d=0;d<b;d++)c[d]=L(this,d)&L(a,d);return new F(c,this.h&a.h)};F.prototype.or=function(a){for(var b=Math.max(this.g.length,a.g.length),c=[],d=0;d<b;d++)c[d]=L(this,d)|L(a,d);return new F(c,this.h|a.h)};
F.prototype.xor=function(a){for(var b=Math.max(this.g.length,a.g.length),c=[],d=0;d<b;d++)c[d]=L(this,d)^L(a,d);return new F(c,this.h^a.h)};function xb(a,b){var c=b>>5;b%=32;for(var d=a.g.length+c+(0<b?1:0),e=[],f=0;f<d;f++)e[f]=0<b?L(a,f-c)<<b|L(a,f-c-1)>>>32-b:L(a,f-c);return new F(e,a.h)}function T(a,b){var c=b>>5;b%=32;for(var d=a.g.length-c,e=[],f=0;f<d;f++)e[f]=0<b?L(a,f+c)>>>b|L(a,f+c+1)<<32-b:L(a,f+c);return new F(e,a.h)};N(xb(J,32),J);N(xb(J,128),J);function yb(a){a&&"function"==typeof a.v&&a.v()};function U(){this.h=this.h;this.g=this.g}U.prototype.h=!1;U.prototype.v=function(){this.h||(this.h=!0,this.j())};U.prototype.j=function(){if(this.g)for(;this.g.length;)this.g.shift()()};var zb=!z||9<=Number(bb),Ab=!z||9<=Number(bb),Bb=z&&!y(Za,"9",function(){for(var a=0,b=ua(String(Ya)).split("."),c=ua("9").split("."),d=Math.max(b.length,c.length),e=0;0==a&&e<d;e++){var f=b[e]||"",g=c[e]||"";do{f=/(\d*)(\D*)(.*)/.exec(f)||["","","",""];g=/(\d*)(\D*)(.*)/.exec(g)||["","","",""];if(0==f[0].length&&0==g[0].length)break;a=Ca(0==f[1].length?0:parseInt(f[1],10),0==g[1].length?0:parseInt(g[1],10))||Ca(0==f[2].length,0==g[2].length)||Ca(f[2],g[2]);f=f[3];g=g[3]}while(0==a)}return 0<=a}),
Cb=function(){if(!l.addEventListener||!Object.defineProperty)return!1;var a=!1,b=Object.defineProperty({},"passive",{get:function(){a=!0}});try{l.addEventListener("test",la,b),l.removeEventListener("test",la,b)}catch(c){}return a}();function Db(a,b){this.type=a;this.g=this.target=b;this.defaultPrevented=!1}Db.prototype.h=function(){this.defaultPrevented=!0};function V(a,b){Db.call(this,a?a.type:"");this.relatedTarget=this.g=this.target=null;this.button=this.screenY=this.screenX=this.clientY=this.clientX=0;this.key="";this.metaKey=this.shiftKey=this.altKey=this.ctrlKey=!1;this.state=null;this.pointerId=0;this.pointerType="";this.i=null;if(a){var c=this.type=a.type,d=a.changedTouches&&a.changedTouches.length?a.changedTouches[0]:null;this.target=a.target||a.srcElement;this.g=b;if(b=a.relatedTarget){if(Qa){a:{try{Ma(b.nodeName);var e=!0;break a}catch(f){}e=
!1}e||(b=null)}}else"mouseover"==c?b=a.fromElement:"mouseout"==c&&(b=a.toElement);this.relatedTarget=b;d?(this.clientX=void 0!==d.clientX?d.clientX:d.pageX,this.clientY=void 0!==d.clientY?d.clientY:d.pageY,this.screenX=d.screenX||0,this.screenY=d.screenY||0):(this.clientX=void 0!==a.clientX?a.clientX:a.pageX,this.clientY=void 0!==a.clientY?a.clientY:a.pageY,this.screenX=a.screenX||0,this.screenY=a.screenY||0);this.button=a.button;this.key=a.key||"";this.ctrlKey=a.ctrlKey;this.altKey=a.altKey;this.shiftKey=
a.shiftKey;this.metaKey=a.metaKey;this.pointerId=a.pointerId||0;this.pointerType="string"===typeof a.pointerType?a.pointerType:Eb[a.pointerType]||"";this.state=a.state;this.i=a;a.defaultPrevented&&V.o.h.call(this)}}oa(V,Db);var Fb=[1,4,2],Eb={2:"touch",3:"pen",4:"mouse"};V.prototype.h=function(){V.o.h.call(this);var a=this.i;if(a.preventDefault)a.preventDefault();else if(a.returnValue=!1,Bb)try{if(a.ctrlKey||112<=a.keyCode&&123>=a.keyCode)a.keyCode=-1}catch(b){}};var Gb="closure_listenable_"+(1E6*Math.random()|0);var Hb=0;function Ib(a,b,c,d,e){this.listener=a;this.g=null;this.src=b;this.type=c;this.capture=!!d;this.h=e;this.key=++Hb;this.m=this.s=!1}function Jb(a){a.m=!0;a.listener=null;a.g=null;a.src=null;a.h=null};function Kb(a){this.src=a;this.g={};this.h=0}Kb.prototype.add=function(a,b,c,d,e){var f=a.toString();a=this.g[f];a||(a=this.g[f]=[],this.h++);var g;a:{for(g=0;g<a.length;++g){var k=a[g];if(!k.m&&k.listener==b&&k.capture==!!d&&k.h==e)break a}g=-1}-1<g?(b=a[g],c||(b.s=!1)):(b=new Ib(b,this.src,f,!!d,e),b.s=c,a.push(b));return b};function Lb(a,b){var c=b.type;if(c in a.g){var d=a.g[c],e=qa(d,b),f;(f=0<=e)&&Array.prototype.splice.call(d,e,1);f&&(Jb(b),0==a.g[c].length&&(delete a.g[c],a.h--))}};var Mb="closure_lm_"+(1E6*Math.random()|0),Nb={},Ob=0;function Pb(a,b,c,d,e){if(d&&d.once)return Qb(a,b,c,d,e);if(Array.isArray(b)){for(var f=0;f<b.length;f++)Pb(a,b[f],c,d,e);return null}c=Rb(c);return a&&a[Gb]?a.g.add(String(b),c,!1,ma(d)?!!d.capture:!!d,e):Sb(a,b,c,!1,d,e)}
function Sb(a,b,c,d,e,f){if(!b)throw Error("Invalid event type");var g=ma(e)?!!e.capture:!!e,k=Tb(a);k||(a[Mb]=k=new Kb(a));c=k.add(b,c,d,g,f);if(c.g)return c;d=Ub();c.g=d;d.src=a;d.listener=c;if(a.addEventListener)Cb||(e=g),void 0===e&&(e=!1),a.addEventListener(b.toString(),d,e);else if(a.attachEvent)a.attachEvent(Vb(b.toString()),d);else if(a.addListener&&a.removeListener)a.addListener(d);else throw Error("addEventListener and attachEvent are unavailable.");Ob++;return c}
function Ub(){var a=Wb,b=Ab?function(c){return a.call(b.src,b.listener,c)}:function(c){c=a.call(b.src,b.listener,c);if(!c)return c};return b}function Qb(a,b,c,d,e){if(Array.isArray(b)){for(var f=0;f<b.length;f++)Qb(a,b[f],c,d,e);return null}c=Rb(c);return a&&a[Gb]?a.g.add(String(b),c,!0,ma(d)?!!d.capture:!!d,e):Sb(a,b,c,!0,d,e)}
function Xb(a){if("number"!==typeof a&&a&&!a.m){var b=a.src;if(b&&b[Gb])Lb(b.g,a);else{var c=a.type,d=a.g;b.removeEventListener?b.removeEventListener(c,d,a.capture):b.detachEvent?b.detachEvent(Vb(c),d):b.addListener&&b.removeListener&&b.removeListener(d);Ob--;(c=Tb(b))?(Lb(c,a),0==c.h&&(c.src=null,b[Mb]=null)):Jb(a)}}}function Vb(a){return a in Nb?Nb[a]:Nb[a]="on"+a}
function Yb(a,b,c,d){var e=!0;if(a=Tb(a))if(b=a.g[b.toString()])for(b=b.concat(),a=0;a<b.length;a++){var f=b[a];f&&f.capture==c&&!f.m&&(f=Zb(f,d),e=e&&!1!==f)}return e}function Zb(a,b){var c=a.listener,d=a.h||a.src;a.s&&Xb(a);return c.call(d,b)}
function Wb(a,b){if(a.m)return!0;if(!Ab){if(!b)a:{b=["window","event"];for(var c=l,d=0;d<b.length;d++)if(c=c[b[d]],null==c){b=null;break a}b=c}d=b;b=new V(d,this);c=!0;if(!(0>d.keyCode||void 0!=d.returnValue)){a:{var e=!1;if(0==d.keyCode)try{d.keyCode=-1;break a}catch(g){e=!0}if(e||void 0==d.returnValue)d.returnValue=!0}d=[];for(e=b.g;e;e=e.parentNode)d.push(e);a=a.type;for(e=d.length-1;0<=e;e--){b.g=d[e];var f=Yb(d[e],a,!0,b);c=c&&f}for(e=0;e<d.length;e++)b.g=d[e],f=Yb(d[e],a,!1,b),c=c&&f}return c}return Zb(a,
new V(b,this))}function Tb(a){a=a[Mb];return a instanceof Kb?a:null}var $b="__closure_events_fn_"+(1E9*Math.random()>>>0);function Rb(a){if("function"===typeof a)return a;a[$b]||(a[$b]=function(b){return a.handleEvent(b)});return a[$b]};function W(a){U.call(this);this.l=a;this.i={}}oa(W,U);var ac=[];function bc(a){ra(a.i,function(b,c){this.i.hasOwnProperty(c)&&Xb(b)},a);a.i={}}W.prototype.j=function(){W.o.j.call(this);bc(this)};W.prototype.handleEvent=function(){throw Error("EventHandler.handleEvent not implemented");};function cc(a){U.call(this);this.i=a||document.body;this.l=new W(this);a=na(yb,this.l);this.h?a():(this.g||(this.g=[]),this.g.push(a));a=this.l;var b=this.i,c=this.u,d="click";Array.isArray(d)||(d&&(ac[0]=d.toString()),d=ac);for(var e=0;e<d.length;e++){var f=Pb(b,d[e],c||a.handleEvent,!1,a.l||a);if(!f)break;a.i[f.key]=f}}h(cc,U);
cc.prototype.u=function(a){if(!(!(zb?0==a.i.button:"click"==a.type||a.i.button&Fb[0])||Sa&&a.ctrlKey||a.defaultPrevented))for(var b=a.target;b&&b!=this.i;){if(b.tagName&&"a"==b.tagName.toLowerCase()){var c=b.getAttribute("href")||b.getAttributeNS("http://www.w3.org/1999/xlink","href"),d=c;try{var e=rb(c)[3];var f;if(f="www.google.com"===pb(e,!0)){var g=rb(c)[5];f="/url"===pb(g,!0)}if(f){var k=sb(c,"q");d=k?k:sb(c,"url")}}catch(C){a:{var t=C;if(null!=t){var n=t.A;if(null!=n){C=n;break a}}if(t instanceof
TypeError){var R=n=new kb;R.l=B(t);hb(R);n.g="__noinit__";n.g=t;n.i(new TypeError(n));t=n}else R=n=new E,R.l=B(t),hb(R),n.g="__noinit__",n.g=t,n.i(Error(n)),t=n;C=t}if(!(C instanceof ib))throw C.h;}d=null!=d?d:"";if(c!=d){e=void 0;b={target:"_blank",noreferrer:!0};c=window;d instanceof q?f=d:(f="undefined"!=typeof d.href?d.href:String(d),f instanceof q||(f="object"==typeof f&&f.h?f.g():String(f),Fa.test(f)?f=new q(f,r):(f=String(f),f=f.replace(/(%0A|%0D)/g,""),f=(g=f.match(Ea))&&Da.test(g[1])?new q(f,
r):null)),f=f||Ha);d=b.target||d.target;g=[];for(e in b)switch(e){case "width":case "height":case "top":case "left":g.push(e+"="+b[e]);break;case "target":case "noopener":case "noreferrer":break;default:g.push(e+"="+(b[e]?1:0))}e=g.join(",");if((w("iPhone")&&!w("iPod")&&!w("iPad")||w("iPad")||w("iPod"))&&c.navigator&&c.navigator.standalone&&d&&"_self"!=d)e="A",g=document,e=String(e),"application/xhtml+xml"===g.contentType&&(e=e.toLowerCase()),g=e=g.createElement(e),f=f instanceof q?f:Ga(f),g.href=
u(f),e.setAttribute("target",d),b.noreferrer&&e.setAttribute("rel","noreferrer"),b=document.createEvent("MouseEvent"),b.initMouseEvent("click",!0,!0,c,1),e.dispatchEvent(b);else if(b.noreferrer){if(c=La("",c,d,e),b=u(f),c){Pa&&-1!=b.indexOf(";")&&(b="'"+b.replace(/'/g,"%27")+"'");c.opener=null;Ba.test(b)&&(-1!=b.indexOf("&")&&(b=b.replace(va,"&amp;")),-1!=b.indexOf("<")&&(b=b.replace(wa,"&lt;")),-1!=b.indexOf(">")&&(b=b.replace(xa,"&gt;")),-1!=b.indexOf('"')&&(b=b.replace(ya,"&quot;")),-1!=b.indexOf("'")&&
(b=b.replace(za,"&#39;")),-1!=b.indexOf("\x00")&&(b=b.replace(Aa,"&#0;")));b='<meta name="referrer" content="no-referrer"><meta http-equiv="refresh" content="0; url='+b+'">';if(void 0===m)if(d=null,(e=l.trustedTypes)&&e.createPolicy){try{d=e.createPolicy("goog#html",{createHTML:pa,createScript:pa,createScriptURL:pa})}catch(C){l.console&&l.console.error(C.message)}m=d}else m=d;b=(d=m)?d.createHTML(b):b;b=new x(b,null,Ka);(c=c.document)&&c.write&&(c.write(b instanceof x&&b.constructor===x?b.i:"type_error:SafeHtml"),
c.close())}}else(c=La(f,c,d,e))&&b.noopener&&(c.opener=null);a.h();break}}b=b.parentNode}};function dc(a){new cc(a)}var X=["DOCS_installLinkReferrerSanitizer"],Y=l;X[0]in Y||"undefined"==typeof Y.execScript||Y.execScript("var "+X[0]);for(var Z;X.length&&(Z=X.shift());)X.length||void 0===dc?Y[Z]&&Y[Z]!==Object.prototype[Z]?Y=Y[Z]:Y=Y[Z]={}:Y[Z]=dc;}).call(this);
</script><script type="text/javascript" nonce="">DOCS_installLinkReferrerSanitizer();</script></body></html>